Date:      Wed, 2 Dec 2015 21:48:34 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r291655 - stable/10/sys/netsmb
Message-ID:  <201512022148.tB2LmYIE033822@repo.freebsd.org>

Author: rmacklem
Date: Wed Dec  2 21:48:34 2015
New Revision: 291655
URL: https://svnweb.freebsd.org/changeset/base/291655

Log:
  MFC: r291035
  The problem report was for a crash that happened when smbfs was
  trying to do a mount. Given the backtrace,
  it appears that the crash occurred when smb_vc_create() failed and then
  called smb_vc_put() with vcp->vc_iod == NULL. smb_vc_put() subsequently
  called smb_vc_disconnect() with vcp->vc_iod == NULL, causing the crash.
  This patch adds a check for vcp->vc_iod != NULL in smb_vc_disconnect() to
  avoid the crash. It also fixes the case in smb_vc_create() where
  kproc_create() fails so that it destroys the mutexes and sets
  vcp->vc_iod == NULL before free()'ing the iod structure.

Modified:
  stable/10/sys/netsmb/smb_conn.c
  stable/10/sys/netsmb/smb_iod.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/netsmb/smb_conn.c
==============================================================================
--- stable/10/sys/netsmb/smb_conn.c	Wed Dec  2 20:22:50 2015	(r291654)
+++ stable/10/sys/netsmb/smb_conn.c	Wed Dec  2 21:48:34 2015	(r291655)
@@ -683,7 +683,9 @@ int
 smb_vc_disconnect(struct smb_vc *vcp)
 {
 
-	smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT | SMBIOD_EV_SYNC, NULL);
+	if (vcp->vc_iod != NULL)
+		smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT |
+		    SMBIOD_EV_SYNC, NULL);
 	return 0;
 }
 
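Review bot: The new `if (vcp->vc_iod != NULL)` guard in smb_vc_disconnect() has no comment saying when vc_iod can legitimately be NULL, and the function still returns 0 whether or not a disconnect was actually requested. A one-line comment above the check, stating that vc_iod is NULL when smb_vc_create() failed before the iod existed, would keep a later cleanup from removing the guard. It is also worth confirming that no caller relies on the 0 return to mean a disconnect event was delivered. Since the guard protects only this call site, any other place that passes vcp->vc_iod to smb_iod_request() on a teardown path needs the same check, or the check belongs in one shared helper.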

Modified: stable/10/sys/netsmb/smb_iod.c
==============================================================================
--- stable/10/sys/netsmb/smb_iod.c	Wed Dec  2 20:22:50 2015	(r291654)
+++ stable/10/sys/netsmb/smb_iod.c	Wed Dec  2 21:48:34 2015	(r291655)
@@ -690,6 +690,9 @@ smb_iod_create(struct smb_vc *vcp)
 	    RFNOWAIT, 0, "smbiod%d", iod->iod_id);
 	if (error) {
 		SMBERROR("can't start smbiod: %d", error);
+		vcp->vc_iod = NULL;
+		smb_sl_destroy(&iod->iod_rqlock);
+		smb_sl_destroy(&iod->iod_evlock);
 		free(iod, M_SMBIOD);
 		return error;
 	}
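Review bot: The error branch after the failed smbiod start now undoes three things by hand (clearing vcp->vc_iod, destroying iod_rqlock and iod_evlock) before free(iod, M_SMBIOD), and nothing in the hunk shows that this list is complete. Please check it against everything smb_iod_create() initializes on iod above this point, so that no other lock or field is left behind. A short comment on `vcp->vc_iod = NULL;` saying that it keeps smb_vc_put() and smb_vc_disconnect() away from the freed iod would record why the assignment has to come before the free. If a common teardown routine for the iod exists, calling it here would keep this path from drifting out of step with the normal destroy path.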


